[PATCH AUTOSEL 5.15 02/12] wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Ping-Ke Shih <pkshih@realtek.com>,
	Zong-Zhe Yang <kevin_yang@realtek.com>,
	Johannes Berg <johannes.berg@intel.com>,
	Sasha Levin <sashal@kernel.org>,
	johannes@sipsolutions.net, davem@davemloft.net,
	edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
	linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.15 02/12] wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
Date: Tue,  7 Nov 2023 07:11:39 -0500	[thread overview]
Message-ID: <20231107121158.3758348-2-sashal@kernel.org> (raw)
In-Reply-To: <20231107121158.3758348-1-sashal@kernel.org>

From: Ping-Ke Shih <pkshih@realtek.com>

[ Upstream commit e160ab85166e77347d0cbe5149045cb25e83937f ]

We can get a UBSAN warning if ieee80211_get_tx_power() returns the
INT_MIN value mac80211 internally uses for "unset power level".

 UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5
 -2147483648 * 100 cannot be represented in type 'int'
 CPU: 0 PID: 20433 Comm: insmod Tainted: G        WC OE
 Call Trace:
  dump_stack+0x74/0x92
  ubsan_epilogue+0x9/0x50
  handle_overflow+0x8d/0xd0
  __ubsan_handle_mul_overflow+0xe/0x10
  nl80211_send_iface+0x688/0x6b0 [cfg80211]
  [...]
  cfg80211_register_wdev+0x78/0xb0 [cfg80211]
  cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]
  [...]
  ieee80211_if_add+0x60e/0x8f0 [mac80211]
  ieee80211_register_hw+0xda5/0x1170 [mac80211]

In this case, simply return an error instead, to indicate
that no data is available.

Cc: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://lore.kernel.org/r/20230203023636.4418-1-pkshih@realtek.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/cfg.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 4fa216a108ae8..02bd90a537058 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2762,6 +2762,10 @@ static int ieee80211_get_tx_power(struct wiphy *wiphy,
 	else
 		*dbm = sdata->vif.bss_conf.txpower;
 
+	/* INT_MIN indicates no power level was set yet */
+	if (*dbm == INT_MIN)
+		return -EINVAL;
+
 	return 0;
 }
 
-- 
2.42.0

next prev parent reply	other threads:[~2023-11-07 12:17 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-07 12:11 [PATCH AUTOSEL 5.15 01/12] wifi: mac80211_hwsim: fix clang-specific fortify warning Sasha Levin
2023-11-07 12:11 ` Sasha Levin [this message]
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 03/12] atl1c: Work around the DMA RX overflow issue Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 04/12] bpf: Detect IP == ksym.end as part of BPF program Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 05/12] wifi: ath9k: fix clang-specific fortify warnings Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 06/12] wifi: ath10k: fix clang-specific fortify warning Sasha Levin
2023-11-07 12:11   ` Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 07/12] net: annotate data-races around sk->sk_tx_queue_mapping Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 08/12] net: annotate data-races around sk->sk_dst_pending_confirm Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 09/12] wifi: ath10k: Don't touch the CE interrupt registers after power up Sasha Levin
2023-11-07 12:11   ` Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 10/12] Bluetooth: btusb: Add date->evt_skb is NULL check Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 11/12] Bluetooth: Fix double free in hci_conn_cleanup Sasha Levin
2023-11-07 12:11 ` [PATCH AUTOSEL 5.15 12/12] platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:4fa216a108ae dfblob:02bd90a53705 )
 OR (
bs:"[PATCH AUTOSEL 5.15 02/12] wifi: mac80211: don't return unset power in ieee80211_get_tx_power()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231107121158.3758348-2-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=johannes.berg@intel.com \
    --cc=johannes@sipsolutions.net \
    --cc=kevin_yang@realtek.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=pkshih@realtek.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.